VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

3,457 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH8.6CVE-2026-44023Docling Core: Unsafe remote filename resolution2026/6/3
HIGH8.1CVE-2026-44019Docling Core: Insufficient validation of image reference URIs2026/6/3
HIGH7.1Docling: Unsafe URI and Path Handling in HTML Backend2026/6/3
HIGH7.5Docling: Unsafe XML Entity Expansion in USPTO Patent Backend2026/6/3
HIGH8.2Docling: Unsafe Playwright-based HTML Rendering2026/6/3
HIGH7.5EPSS 0.05%React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint2026/6/3
HIGH8.1EPSS 0.25%React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE2026/6/3
HIGH8.0EPSS 0.03%React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets2026/6/3
HIGH7.5Docling: Unsafe Zip Extraction in EasyOCR Model Download2026/6/3
HIGH7.5AIOHTTP is vulnerable to cross-origin redirect with per-request cookies2026/6/2
HIGH8.1praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}2026/6/1
HIGH8.3praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR2026/6/1
HIGH8.1praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR2026/6/1
HIGH8.1praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR2026/6/1
HIGH8.2DOMPurify XSS via selectedcontent re-clone2026/6/1
HIGH8.1praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role2026/5/29
HIGH7.6praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)2026/5/29
HIGH8.1praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks2026/5/29
HIGH8.8PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership2026/5/29
HIGH8.8PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID2026/5/29
HIGH8.8PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API2026/5/29
HIGH8.1PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-443342026/5/29
HIGH8.6NodeVM network builtin exclusions bypass via internal _http_client and _http_server2026/5/29
HIGH7.5EPSS 0.06%ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag2026/5/29
HIGH8.6vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain2026/5/29

← 上一頁第 2 / 139 頁下一頁 →